While updating my iPhone apps earlier today, I noticed an update for the PayPal iPhone app – version 3.0.1. When I read the changelog or update details, it mentioned that the version included an important security update. It didn’t specify what type of security update so I decided to do a little research. Found out from CNET that the update was a patch for a security hole in the iPhone app.

The now patched security flaw could have allowed malicious users to do a “man-in-the-middle” attack, tricking users into thinking that they’re accessing the real PayPal site when actually they aren’t and intercept transaction data sent between the iPhone and a Wi-Fi hotspot. This can happen when PayPal users access their account using an unsecured Wi-Fi network.

Aside from patching the security flaw on the iPhone app, PayPal has also announced that it will provide a 100% reimbursement for any fraudulent activity caused by the flaw.

If you have the PayPal app on your iPhone, make sure that you immediately upgrade to the latest version. If you haven’t, do not access your account until you’ve installed the update. And just to be sure, avoid or never access your PayPal or bank account on your mobile device over an unsecured Wi-Fi network.

The latest version of the Paypal iPhone app is now available in the App Store.

[via CNET News]

This is the first time I’ve heard of a security flaw that’s caused or involves two browsers. Most of the time, known security flaws are found in Internet Explorer and sometimes in Firefox. But this time it involves both browsers.

At first, security researchers laid the blame for the latest zero-day exploit on Microsoft’s Internet Explorer. Later on, they found out that the problem was with Firefox 2.0+ and that it was also vulnerable.

From CNet’s News Blog:

Users could face a “highly critical” risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a “firefoxurl://” URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.

Researchers say it’s a little bit of both. But from what I understand, even if you have both browsers installed on your computer but only use Firefox for browsing, then you won’t be at risk. If you’re running both browsers on your computer, make sure to check for security updates and install them right away.

One advantage of using Ubuntu/Linux or a Mac is that you don’t get to worry about these kinds of issues. I’m glad I joined the Linux bandwagon and installed Ubuntu on my machine. Even if you’re still using Windows, you can avoid this if you stop using IE and rather use Firefox, Flock or Opera.

.

Read the full story: Firefox and IE together brew up security trouble

Just 10 days after version 2.0.6 was released, WordPress released version 2.0.7 to address a security vulnerability that can be caused by certain PHP versions and also to fix the Feedburner issues found in 2.0.6.

You don’t have to update all of your WordPress files, only these files:

* wp-admin/inline-uploading.php
* wp-admin/post.php
* wp-includes/classes.php
* wp-includes/functions.php
* wp-settings.php
* wp-includes/version.php

I’ve already upgraded WordPress to 2.0.7 earlier.

Download WordPress 2.0.7

I’ve upgraded WordPress to version 2.0.6. The reason for this is I wanted to make sure that any existing security bugs would be fixed. “Better safe than sorry”, is what they say. This latest version fixes over 50 other bugs from the previous version. Also, if you are using Feedburner and decide to upgrade to 2.0.6 and you would also need this fix.